
Setting up ACL for DMZ



I have an SG300 with 3 networks on it:

a Server net (192.168.2.x - VLAN 1), a DMZ (192.168.3.x - VLAN 12) and a Guest net (192.168.4.x - VLAN 10).


All this works fine, the computers / servers can reach each other - but they are not supposed to :)


When I apply these access lists to the Server and DMZ VLANs, all connections go down.



ip access-list extended Server
permit ip any any



The server net needs full access to the other networks.





ip access-list extended DMZ
permit udp any any domain
permit udp any any domain
permit tcp any any 445
permit tcp any any 137-139
permit udp any any 137-139
permit tcp any any 8530



When trying from an FTP server ( to telnet to on port 8530 (WSUS), it's not working.

But when I remove the ACL from the VLAN, it works perfectly :(


On VLAN 12, I'm using this command:

service-acl input DMZ default-action permit-any


What am I doing wrong?

